<?php
# MantisBT - a php based bugtracking system

# MantisBT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.

	/**
	 * @package MantisBT
	 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
	 * @copyright Copyright (C) 2002 - 2010  MantisBT Team - mantisbt-dev@lists.sourceforge.net
	 * @link http://www.mantisbt.org
	 */
	 /**
	  * MantisBT Core API's
	  */
	require_once( 'core.php' );
	require_once( 'current_user_api.php' );
	require_once( 'compress_api.php' );
	require_once( 'filter_api.php' );
	require_once( 'last_visited_api.php' );

	# Page bootstrap: authenticate, cache lookups, emit the MantisBT page header,
	# then read the paging/config values below.
	# Nothing is rendered for visitors who are not logged in.
	auth_ensure_user_authenticated();

	# Identity of the logged-in user. The name and e-mail are reused further down
	# the page when rows are written and notification mail is prepared.
	$t_current_user_name = current_user_get_field( 'username' );
	$t_current_real_name = current_user_get_field( 'realname' );
	$t_current_email = current_user_get_field( 'email' );
	
	# Improve performance by caching category data in one pass
	category_get_all_rows( helper_get_current_project() );

	compress_enable();

	# don't index my view page
	html_robots_noindex();

	html_page_top1( lang_get( 'my_view_link' ) );

	# refresh_delay is multiplied by 60 before it is handed to the meta redirect,
	# so the preference is presumably stored in minutes - TODO confirm.
	if ( current_user_get_pref( 'refresh_delay' ) > 0 ) {
		html_meta_redirect( 'my_view_page.php', current_user_get_pref( 'refresh_delay' )*60 );
	}

	html_page_top2();

	print_recently_visited();

	# NOTE(review): the paging and "my view" box settings below are not referenced
	# in the visible part of this page; they look like leftovers from the stock
	# my_view_page.php this file was derived from - confirm before removing.
	$f_page_number		= gpc_get_int( 'page_number', 1 );

	$t_per_page = config_get( 'my_view_bug_count' );
	$t_bug_count = null;
	$t_page_count = null;

	$t_boxes = config_get( 'my_view_boxes' );
	asort ($t_boxes);
	reset ($t_boxes);
	#print_r ($t_boxes);

	$t_project_id = helper_get_current_project();
?>
<br>

Trung tâm Dịch vụ bảo mật<br>
<hr>					
<table border=0 cellspacing="3" cellpadding="0" width=100%>
			<tr>
				<td align="center">[<a href="securityservices.php?do=addcare">Add care</a>] 
				| [<a href="securityservices.php?do=viewall">View all</a>] 
				| [<a href="securityservices.php?do=viewme">View ME</a>] 
				| [<a href="securityservices.php?do=suser">User site</a>] 
				| [<a href="securityservices.php?do=summary">Summary</a>]
				| [<a href="securityservices.php?do=search">Search</a>] 
				</td>
			</tr>
</table>
<div>
<table border=0 cellspacing="0" cellpadding="0" style="border-collapse:collapse;" width=100%>
			<tr>
				<td>
				<script type="text/javascript">
						// Parallel arrays for the dynamic input rows: arrInput holds the row
						// ids, arrInputValue the text last saved for the row with that id.
						var arrInput = [];
						var arrInputValue = [];

						// Appends one empty row (its id is the current row count) and redraws.
						function addInput() {
							var nextId = arrInput.length;
							arrInput.push(nextId);
							arrInputValue.push("");
							display();
						}

						// Rebuilds the contents of the element with id "parah" from the row arrays.
						// intI is deliberately left as an implicit global: createInput() reads it.
						function display() {
							var target = document.getElementById('parah');
							target.innerHTML = "";
							for (intI = 0; intI < arrInput.length; intI++) {
								target.innerHTML += createInput(arrInput[intI], arrInputValue[intI]);
							}
						}

						// Stores the text typed into row intId so a redraw can restore it.
						// NOTE(review): the markup built by createInput() wires its inputs to
						// saveValue1..saveValue4, none of which is defined in this script block,
						// so nothing visible here calls this function - confirm.
						function saveValue(intId,strValue) {
						arrInputValue[intId]=strValue;
						}

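						// Builds the HTML for one table row holding the four text inputs
						// (daumuc, soluong, chungloai, chuthich) of row `id`.
						// - The row number now comes from the `id` parameter instead of the
						//   loop counter that display() leaked as a global.
						// - `value` is HTML-escaped before it is placed in the value attribute,
						//   because the result is assigned to innerHTML: a quote or angle bracket
						//   typed by the user would otherwise be parsed as markup.
						// NOTE(review): saveValue1..saveValue4 are not defined in this script
						// block; the handler names are kept as they were - confirm they exist.
						function createInput(id,value) {
							var safeValue = String(value)
								.replace(/&/g, '&amp;')
								.replace(/</g, '&lt;')
								.replace(/>/g, '&gt;')
								.replace(/"/g, '&quot;')
								.replace(/'/g, '&#39;');
							var fieldNames = ['daumuc', 'soluong', 'chungloai', 'chuthich'];
							var html = "<tr>";
							for (var n = 0; n < fieldNames.length; n++) {
								html += "<td><input type='text' name='" + fieldNames[n] + id
									+ "' onChange='javascript:saveValue" + (n + 1) + "(" + id + ",this.value)' value='"
									+ safeValue + "'></td>";
							}
							return html + "</tr>";
						}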

						// Drops the last row, if there is one, and redraws in either case.
						function deleteInput() {
							var hasRows = arrInput.length > 0;
							if (hasRows) {
								arrInput.pop();
								arrInputValue.pop();
							}
							display();
						}
					</script>
<?php 
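			# Request routing parameters. Both are optional in the URL, so they are read
			# with a default instead of raising an undefined-index notice.
			# They are untrusted input: every handler below has to escape $id for the
			# context it is used in (SQL literal, URL, HTML).
			$id = isset( $_GET['id'] ) ? $_GET['id'] : '';
			$do = isset( $_GET['do'] ) ? $_GET['do'] : '';
			$header = 'Mantis';
			$t_current_user_name = current_user_get_field( 'username' );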

#######################################################################################
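//Security care center
		# Overview page for one customer record (?do=viewss&id=N): report list,
		# optional report detail (&a=viewrp&rp=N), customer data, the
		# assign/status form, uploaded files, a task-list table, discussion notes
		# and the add-note form.
		#
		# Request- and database-derived values are escaped for the context they are
		# written into: mysql_real_escape_string() for SQL literals, urlencode() for
		# query-string values, htmlspecialchars() for HTML text and (now quoted)
		# attribute values. Before, stored customer fields, report text, notes and
		# file names were echoed as-is (stored XSS) and $_GET['rp'] went into a
		# query unescaped (SQL injection).
		#
		# NOTE(review): no per-record access check is visible in this handler; any
		# authenticated user can open any id - confirm that is intended.
		# NOTE(review): the "Del" / "Xóa" links below trigger deletes through plain
		# GET requests without a form token; converting them is a change that also
		# touches the delete handlers and is not made here.
		if ($do == 'viewss')
		{
			$t_raw_id = is_scalar($id) ? (string) $id : '';
			$id_url = urlencode($t_raw_id);
			# $id holds the SQL-escaped value for the rest of the page, as before
			# (it used to be escaped twice on the "found" path).
			$id = mysql_real_escape_string($t_raw_id);
			$sql = mysql_query('SELECT * FROM mantis_securityservices_table WHERE id="'.$id.'"');
			$rqRC = mysql_fetch_array($sql);
			if ($rqRC['id'] == 0)
			{echo '<b>Thông tin khách hàng này không tồn tại. <a href=/'.$header.'/projectcenter.php>Quay lại<a/>!';}
			else
			{
				# Run the lookup again so the loop below starts at the first row.
				$sql = mysql_query('SELECT * FROM mantis_securityservices_table WHERE id="'.$id.'"');
				while ($row = mysql_fetch_array($sql))
				{
					# The raw column values stay in plain variables because
					# changeinfo.php is included into this scope and presumably
					# reads them - verify against that file.
					$sid = $_GET['id'];
					$i++;
					$ctname = $row['ctname'];
					$ctphone = $row['ctphone'];
					$ctmst = $row['ctmst'];
					$ctbank = $row['ctbank'];
					$ctaddress = $row['ctaddress'];
					$city = $row['city'];
					$area = $row['area'];

					$pktt = $row['pktt'];
					$custype = $row['custype'];
					$pstatus = $row['pstatus'];

					$nMan = $row['nMan'];
					$pMan = $row['pMan'];
					$eMan = $row['eMan'];

					$pentest = $row['pentest'];
					$audit = $row['audit'];
					$ddos = $row['ddos'];
					$train = $row['train'];
					$cise = $row['cise'];
					$pdoanhso = $row['pdoanhso'];
					$assignto = $row['assignto'];

					$adder = $seller;
					$infotop = $row['infotop'];
					$time = date("H:i:s, d-m-Y");
					$start_time = (date("d-m-Y",$row['start_time']));
					include ('changeinfo.php');

					# HTML-escaped copies, taken after the include so they reflect
					# whatever the variables hold at output time.
					$h = array();
					foreach (compact('ctname', 'ctphone', 'ctmst', 'ctbank', 'ctaddress', 'city', 'area',
						'pktt', 'custype', 'pstatus', 'nMan', 'pMan', 'eMan', 'pentest', 'audit', 'ddos',
						'train', 'cise', 'assignto', 'infotop') as $t_key => $t_value)
					{
						$h[$t_key] = htmlspecialchars((string) $t_value, ENT_QUOTES, 'UTF-8');
					}

					$ssrpsql = mysql_query("SELECT rpid, ssid, ssrpsubject, ssreport, ssrpupd, from_unixtime(timelast) FROM mantis_ssrp_table WHERE ssid= '$id' order by timelast DESC");
					echo  '
					<div align=center><a href="?do=viewss&id='.$id_url.'"><font size=3><b>Overview ['.$h['ctname'].'] _ '.$start_time.' </b></font></a></div>
					<br>
					<table cellspacing="0" cellpadding="0" style="border-collapse:collapse;" width=100%>
						<tr><td>
						<table border=1 width=100% cellspacing=0 cellpadding=0 style="border-collapse:collapse;"><tr>
							<td width=50% valign=top>
						<table width=100% style="border: 1px solid black;border-collapse:collapse;" class=ttt>
							<tr><td width=30% valign=top>
							<div style="background:#CECEFF"><b>Danh sách báo cáo | [<a href="?do=ssreport&id='.$id_url.'">Lập báo cáo</a>]</b></div>
							
							<table width=100% class=t4 border=1 bordercolor=black cellpadding=0 cellspacing=0 style="border-collapse:collapse;margin-top:2px;">
							<tr><td bgcolor=#CCCCCC><b>Date</td><td bgcolor=#CCCCCC><b>By</td><td bgcolor=#CCCCCC><b>Subject</td></tr>';

					# Report list: one row per report, newest first.
					while ($row = mysql_fetch_array($ssrpsql))
					{
						$rpid	= $row['rpid'];
						$ssid	= $row['ssid'];
						$ssrpsubject = nl2br(htmlspecialchars($row['ssrpsubject'], ENT_QUOTES, 'UTF-8'));
						$ssreport = nl2br(htmlspecialchars($row['ssreport'], ENT_QUOTES, 'UTF-8'));
						$ssrpudp = htmlspecialchars($row['ssrpupd'], ENT_QUOTES, 'UTF-8');
						$timelast = $row['from_unixtime(timelast)'];

						echo '<tr><td valign=top>'.$timelast.'</td><td valign=top>'.$ssrpudp.'</td>
						<td valign=top height=30><a href="?do=viewss&id='.$id_url.'&a=viewrp&rp='.urlencode($rpid).'#1">'.$ssrpsubject.'</a></td></tr>';
					}

					//View report detail
					if (isset($_GET['a']) && $_GET['a'] == 'viewrp')
					{
						# rp comes straight from the URL and is placed in a SQL literal.
						$rpn = mysql_real_escape_string(isset($_GET['rp']) ? $_GET['rp'] : '');
						$rpnsql = mysql_query("SELECT rpid, ssid, ssrpsubject, ssreport, ssrpupd, from_unixtime(timelast) FROM mantis_ssrp_table WHERE ssid= '$id' and rpid='$rpn' order by timelast DESC");
						while ($row = mysql_fetch_array($rpnsql))
						{
							$rpid	= $row['rpid'];
							$ssid	= $row['ssid'];
							$ssrpsubject = nl2br(htmlspecialchars($row['ssrpsubject'], ENT_QUOTES, 'UTF-8'));
							$ssreport = nl2br(htmlspecialchars($row['ssreport'], ENT_QUOTES, 'UTF-8'));
							$ssrpudp = htmlspecialchars($row['ssrpupd'], ENT_QUOTES, 'UTF-8');
							$timelast = $row['from_unixtime(timelast)'];
							echo '<table width=100% cellpadding=0 cellspacing=0><tr><td>
							<div style="background:#CECEFF"><b><u><a name=1>'.$ssrpsubject.'</a></u></b></div>
							<div style="background:#F2F2F2"><b>'.$timelast.' | '.$ssrpudp.' | Edit 
							| <a href="?do=viewss&id='.$id_url.'&a=delrp&rp='.urlencode($rpid).'">Del</a></b><br><br>'.$ssreport.'</div></td></tr>';
						}
					}

					# $pk, $cls and $ptc are not assigned in this file; they presumably
					# come from changeinfo.php and are printed unchanged because they
					# may contain markup - TODO confirm they never carry user input.
					echo '</table>
						</td></tr></table>
							</td>
							<td width=50% valign=top>
								<table style="border:1px solid black;width:100%;border-collapse:collapse;" class=ttt>
									<tr><td width=30%><b>Tên khách hàng</td><td>'.nl2br($h['ctname']).'</td></tr>
									<tr><td><b>SDT liên lạc</td><td>'.$h['ctphone'].'</td></tr>
									<tr><td><b>Mã số thuế</td><td>'.$h['ctmst'].'</td></tr>
									<tr><td><b>Số TK ngân hàng</td><td>'.$h['ctbank'].'</td></tr>
									<tr><td><b>Địa chỉ</td><td>'.nl2br($h['ctaddress']).'</td></tr>
									<tr><td><b>Tỉnh/TP</td><td>'.$h['city'].' [Khu vực: <b>'.$h['area'].'</b>]</td></tr>
									<tr><td><b>Phân khúc thị trường</td><td>'.$pk.' [<b>'.$h['custype'].'</b>]</td></tr>
									<tr><td width=30%><b>Trạng thái dự án</td><td class='.$cls.'><b>'.$ptc.'</td></tr>
									<tr><td><b>Đại diện/phụ trách</td><td>'.$h['nMan'].'</td></tr>
									<tr><td><b>Phone</td><td>'.$h['pMan'].'</td></tr>
									<tr><td><b>Email</td><td>'.$h['eMan'].'</td></tr>
									<tr><td><b>Assigned to [sale]</td><td>'.$h['assignto'].'</td></tr>
									<tr><td valign=top><b>Providing services</td><td>
									Pentest <b>('.$h['pentest'].')</b> - Audit <b>('.$h['audit'].')</b> - DDOS <b>('.$h['ddos'].')</b> - Train <b>('.$h['train'].')</b> - CISE  <b>('.$h['cise'].')</b></td>
									</tr>
									<tr><td><b>Doanh số dự án</td><td>'.number_format($pdoanhso).' [VNĐ]</td></tr>
								</table>
								<div>
								<form name="changeAss" action="?do=changeAssignAndStatus&id='.$id_url.'" method="post">
									Assign to =>
									<Select name="assignto"  style="border: 1px solid #CCCCCC;height:22px;">
									<option value="'.$h['assignto'].'">'.$h['assignto'].'</option>';

					# Candidate assignees: every account with access level 55.
					$req = mysql_query("select username from `mantis_user_table` where access_level='55'");
					while ($row = mysql_fetch_array($req))
					{
						if ($row['username'] != $seller)
						{
							$t_username = htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8');
							echo'<option value="'.$t_username.'">'.$t_username.'</option>';
						}
					}
					echo '</select>
								
									Status to =>
									<Select name="pstatus"  style="border: 1px solid #CCCCCC;height:22px;">
									<option value="'.$h['pstatus'].'">'.$h['pstatus'].'</option>
									<option value=tiepcan>Tiếp cận</option>
									<option value=khaosat>Khảo sát</option>
									<option value=dauthau>Đầu thầu</option>
									<option value=kihopdong>Kí hợp đồng</option>
									<option value=dangtrienkhai>Đang triển khai</option>
									<option value=nghiemthu>Nghiệm thu</option>
									<option value=closedwin>ClosedWin</option>
									<option value=closedlost>ClosedLost</option>
									</select>
									<br>
									Phân khúc thị trường => <Select name="pktt" style="border: 1px solid #CCCCCC;height:22px;">
									<option value="'.$h['pktt'].'">'.$h['pktt'].'</option>
									<option value =bank>Ngân hàng/ Chứng khoán/ Bảo hiểm</option>
									<option value =nntw>Khối Nhà Nước TW</option>
									<option value =nnt>Khối Nhà Nước Tỉnh</option>
									<option value =anninh>Khối An Ninh - Quốc Phòng</option>
									<option value =yte>Khối Y Tế</option>
									<option value =congnghiep>Khối Công nghiệp/Nhà máy</option>
									<option value =ttdulich>Khối Thông tin/Du lịch/Báo chí</option>
									<option value =cntt>Khối công ty CNNT</option>
									<option value =telco>Khối Telco (Viễn Thông)</option>
									<option value =nangluong>Khối Năng Lượng</option>
									</select>
									
									KT => <Select name="skt" style="border: 1px solid #CCCCCC;height:22px;">
									<option value="'.$h['custype'].'">'.$h['custype'].'</option>
									<option value =kt1>KT1</option>
									<option value =kt2>KT2</option>
									<option value =kt3>KT3</option>
									</select>
									<input name="submit" type="submit" value="submit">
							</form>
							<div><form name="modify" action="?do=editss&id='.$id_url.'" method="post">
							<button type="edit" name="edit" value="edit"  style="height:25px;width:100px;">Edit</button>
							</form>
							<form name="del" action="?do=delss&id='.$id_url.'" method="post">
							<button type="del" name="del" value="del"  style="height:25px;width:100px;">Del</button>
							</form>
						</div>
						</div>
							</td>
							</tr>
						</table>
						</td></tr></table><br>
						
						<table border=1 cellpadding=0 cellspacing=0 style="border-collapse:collapse" width=100%><tr>
						<td width=50% valign=top>
								<form action="?do=uploadp&id='.$id_url.'" method="post" enctype="multipart/form-data">
							<table border=0 cellpadding=0 cellspacing=0 style="border-collapse:collapse" width=100% bgcolor=#CECEFF>
								<tr><td width=20%>Select File</td></td><td> <input type="file"  name="ufile" /> <input type="submit" value="Upload file" /></td></tr>
							</table></form><br>
							<table border=0 cellpadding=0 cellspacing=0 style="border-collapse:collapse" width=100% bgcolor=#CECEFF class=ttt>
							<tr><td width=40%><b>Filename</td><td><b>Date</td><td><b>User_id</td><td><b>Download</td></tr>';

					# Files attached to this record, striped in alternating row colours.
					$sqlfUp = mysql_query('SELECT  id,filename,file_type,filesize,from_unixtime(date_added), 
					care_id, user_id,folder, new_file_name, pjcare_id FROM mantis_care_file_table WHERE pjcare_id="'.$id.'"');
					$b = 1;
					while ($row = mysql_fetch_array($sqlfUp))
					{
						$sl = ($b % 2 == 0) ? '#E1E1E1' : 'white';

						$filename = htmlspecialchars($row['filename'], ENT_QUOTES, 'UTF-8');
						$date_added = $row['from_unixtime(date_added)'];
						$user_id = htmlspecialchars($row['user_id'], ENT_QUOTES, 'UTF-8');
						# The stored path is used as the link target. It is attribute-escaped
						# and quoted here; NOTE(review): its scheme is not checked - confirm
						# the upload handler only ever stores server-side relative paths.
						$url = htmlspecialchars(''.$row['folder'], ENT_QUOTES, 'UTF-8');
						echo '<tr><td bgcolor='.$sl.'>'. $filename.'</td><td bgcolor='.$sl.'>'.$date_added.'</td>
						<td bgcolor='.$sl.'>'.$user_id.'</td><td bgcolor='.$sl.'><a href="'.$url.'">Download</a></td></tr>';
						$b++;
					}
					echo '</table></form><br>
						</td>
						
						<td valign=top width=50%>
							<table border=0 cellpadding=0 cellspacing=0 style="border-collapse:collapse" width=100% bgcolor=#CECEFF class=ttt>
							<tr><td width=30%><b>Thông tin chính dự án
							[<a href="?do=editcus&id='.$id_url.'">Edit</a>]</b>
							</td></tr>
							<tr><td bgcolor=white>'.nl2br($h['infotop']).'</td></tr>
							</table>
						</td></tr>
						</table>';
				}

			}

			# Task list for this record. As before, this part is rendered on the
			# "not found" path as well.
			echo '<br>
			<table border=1 cellspacing=0 cellpadding=0 style="border-collapse:collapse;" width=100%>
				<tr><td width=50%> ';

			echo '</td>
					<td width=50% valign=top>
					<table border=0 cellspacing=0 cellpadding=0 style="border-collapse:collapse;" width=100% class=ttt>  
						<tr><td valign=top bgcolor=#CECEFF><b>Task list [<a href="?do=sstask&id='.$id_url.'">Add task</a>] | <a href="?do=sstask&id='.$id_url.'">Task managed</a></b></td></tr></table>
						<table width=100% class=t4 border=1 bordercolor=black cellpadding=0 cellspacing=0 style="border-collapse:collapse;margin-top:2px;">
						<tr>
						<td bgcolor=#CCCCCC width=2%><b>STT</td>
						<td bgcolor=#CCCCCC width=60%><b>Content</td>
						<td bgcolor=#CCCCCC><b>By</td>
						<td bgcolor=#CCCCCC><b>Assigned to</td></tr>
						';
			# NOTE(review): this loop reads the report result set, which the report
			# list above has already consumed (or which was never created when the
			# record does not exist), so it prints nothing. $dem is not assigned in
			# this file. Kept as found; the guard only avoids fetching from an
			# undefined result.
			while (isset($ssrpsql) && $ssrpsql && ($row = mysql_fetch_array($ssrpsql)))
			{
				$rpid	= $row['rpid'];
				$ssid	= $row['ssid'];
				$ssrpsubject = nl2br(htmlspecialchars($row['ssrpsubject'], ENT_QUOTES, 'UTF-8'));
				$ssreport = nl2br(htmlspecialchars($row['ssreport'], ENT_QUOTES, 'UTF-8'));
				$ssrpudp = htmlspecialchars($row['ssrpupd'], ENT_QUOTES, 'UTF-8');
				$timelast = $row['from_unixtime(timelast)'];

				echo '<tr><td>'.$dem.'</td><td valign=top>'.$timelast.'</td><td valign=top>'.$ssrpudp.'</td>
				<td valign=top height=30><a href="?do=viewss&id='.$id_url.'&a=viewrp&rp='.urlencode($rpid).'#1">'.$ssrpsubject.'</a></td></tr>';
			}
			echo '</table>
						</td></tr></table>';

			// Show NOTE
			$ssnotesql = mysql_query("SELECT id, ssid, ssnote, ssupdater, from_unixtime(timelast) FROM mantis_ssnote_table WHERE ssid= '$id' order by timelast DESC");
			while ($row = mysql_fetch_array($ssnotesql))
			{
				$noteid	= $row['id'];
				$ssid	= $row['ssid'];
				$ssnote = nl2br(htmlspecialchars($row['ssnote'], ENT_QUOTES, 'UTF-8'));
				$ssupdater = htmlspecialchars($row['ssupdater'], ENT_QUOTES, 'UTF-8');
				$timelast = $row['from_unixtime(timelast)'];

				#Show note
				echo '
				<table border=1 cellspacing=0 cellpadding=0 style="border-collapse:collapse;margin-bottom:3px;" width=50%>
				<tr><td> 
				<table border=1 bordercolor=white cellspacing=0 cellpadding=0 style="border-collapse:collapse;" width=100% bgcolor=#CECEFF class=ttt>  
				<tr><td width=20% valign=top><b>'.$ssupdater.'</b><br></b><br>
				<td valign=top bgcolor=white>'.$ssnote.'<br><br><font face=1 color=ccc>'.$timelast.'</font>
				- <a href="?do=delssnote&noteid='.urlencode($noteid).'&ssid='.urlencode($ssid).'"><b>Xóa</b></a></td></tr>
				</table>
				</td></tr></table>';
			}

			// Add Note
			echo '<br><form name="ssnote" action="?do=addnt&id='.$id_url.'" method="post">
					<table border=1 cellspacing=0 cellpadding=0 style="border-collapse:collapse" width=50%>
						<tr><td>    
								<table border=1 bordercolor=white cellspacing=0 cellpadding=0 style="border-collapse:collapse" width=100% bgcolor=#CECEFF>  
									<tr>
										<td width=20% valign=top><b>Thảo luận</b></td>
										<td align=left><textarea name="ssnote" type="text" cols="55" rows="7"></textarea></td>
									</tr>	
								</table>
								<table border=1 bordercolor=white cellspacing=0 cellpadding=0 style="border-collapse:collapse" width=100% bgcolor=#CECEFF>  
									<tr>
										<td><input name="submit" type="submit" value="Post"></td>
									</tr>	
								</table>
							</td>
						</tr>
					</table></form>';
			echo '</td></tr></table>';
		}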
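// Store the submitted rows describing the customer's systems
		# Handles ?do=addinfo&id=N: reads up to 20 posted rows
		# (daumuc<i>, soluong<i>, chungloai<i>, chuthich<i>), inserts each row whose
		# daumuc<i> is non-empty, then redirects back to the record.
		#
		# Changes compared with the previous version:
		# - every value is passed through mysql_real_escape_string() before it is
		#   placed in the INSERT (it used to go in unescaped: SQL injection);
		# - the echoed copy of the posted row is HTML-escaped (reflected XSS);
		# - the VALUES list now follows the column list: soluong receives the
		#   quantity and chungloai the type (they were swapped).
		# NOTE(review): $ktks is not assigned anywhere in the visible code; an empty
		# string is stored when it is unset - confirm where it should come from.
		# NOTE(review): the handler changes data without a form token - confirm the
		# CSRF posture for this page.
		if ($do == 'addinfo')
		{
			$sid = isset($_GET['id']) ? $_GET['id'] : '';
			$timeadd = time();
			$lastudp = $t_current_user_name;

			$t_sid_sql = mysql_real_escape_string($sid);
			$t_ktks_sql = isset($ktks) ? mysql_real_escape_string($ktks) : '';
			$t_lastudp_sql = mysql_real_escape_string($lastudp);

			for ($i = 0; $i < 20; $i++)
			{
				if (empty($_POST['daumuc'.$i]))
				{
					continue;
				}
				$dm = $_POST['daumuc'.$i];
				$sl = isset($_POST['soluong'.$i]) ? $_POST['soluong'.$i] : '';
				$cl = isset($_POST['chungloai'.$i]) ? $_POST['chungloai'.$i] : '';
				$ct = isset($_POST['chuthich'.$i]) ? $_POST['chuthich'.$i] : '';

				echo htmlspecialchars($dm.'-'.$sl.'-'.$cl.'-'.$ct, ENT_QUOTES, 'UTF-8');
				echo "<br>";

				mysql_query("
				insert into `mantis_ssclientsystem_table` 
				(SID, ktks, daumuc, soluong, chungloai, chuthich, timeadd, lastupd) 
				values('".$t_sid_sql."','".$t_ktks_sql."','".mysql_real_escape_string($dm)."','"
					.mysql_real_escape_string($sl)."','".mysql_real_escape_string($cl)."','"
					.mysql_real_escape_string($ct)."','".$timeadd."','".$t_lastudp_sql."')");
			}
			header("Location: ssview.php?do=viewss&id=".urlencode($sid));
		}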
		
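//Change status and assign to
		# Handles the "changeAss" form (?do=changeAssignAndStatus&id=N): for each of
		# assignee, status, market segment (pktt) and customer type (custype) that
		# differs from the stored value, a row is written to
		# mantis_project_history_table; the record is then updated and the browser
		# is sent back to the overview.
		#
		# Changes compared with the previous version:
		# - all request values are escaped with mysql_real_escape_string() before
		#   they reach the SELECT, the history INSERT or the UPDATE (SQL injection);
		# - the status comparison uses the submitted status ($sstatus); it used to
		#   test $pstatus, which is never set in this handler, so a status history
		#   row was written on every submit;
		# - the four copy-pasted history inserts are one loop.
		# NOTE(review): submitted values are not checked against the option lists
		# the form offers, there is no form token, and no access check is visible
		# here - confirm which roles may reassign records.
		if ($do == 'changeAssignAndStatus')
		{
			$sid = isset($_GET['id']) ? $_GET['id'] : '';
			$sstatus = isset($_POST['pstatus']) ? $_POST['pstatus'] : '';
			$sassignto = isset($_POST['assignto']) ? $_POST['assignto'] : '';
			$spktt = isset($_POST['pktt']) ? $_POST['pktt'] : '';
			$skt = isset($_POST['skt']) ? $_POST['skt'] : '';

			$t_sid_sql = mysql_real_escape_string($sid);
			$sssql = mysql_query('SELECT * FROM mantis_securityservices_table WHERE id="'.$t_sid_sql.'"');
			while ($row = mysql_fetch_array($sssql))
			{
				$type = 'secservices';
				$useradd = $t_current_user_name;
				$last_updated = time();

				# history field name => array( stored value, submitted value )
				$t_changes = array(
					'assignto' => array($row['assignto'], $sassignto),
					'status' => array($row['pstatus'], $sstatus),
					'pktt' => array($row['pktt'], $spktt),
					'kt' => array($row['custype'], $skt),
				);
				foreach ($t_changes as $field_name => $t_pair)
				{
					$old_value = $t_pair[0];
					$new_value = $t_pair[1];
					if ($new_value == $old_value)
					{
						continue;
					}
					mysql_query("insert into `mantis_project_history_table` 
					(user_id, pid, field_name, type, old_value, new_value, date_modified) 
					values('".mysql_real_escape_string($useradd)."','".$t_sid_sql."','".$field_name."','".$type."','"
						.mysql_real_escape_string($old_value)."','".mysql_real_escape_string($new_value)."','".$last_updated."')");
				}

				mysql_query("UPDATE `mantis_securityservices_table` SET `pstatus` = '".mysql_real_escape_string($sstatus)
					."', `assignto` = '".mysql_real_escape_string($sassignto)
					."',`pktt` = '".mysql_real_escape_string($spktt)
					."',`custype` = '".mysql_real_escape_string($skt)
					."'  WHERE `id` ='".$t_sid_sql."'");
			}
			header("location: ?do=viewss&id=".urlencode($sid));
		}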
		
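//Edit customer information
		# Renders the edit form for one customer record (?do=editss&id=N). The form
		# posts to ?do=queryeditss.
		#
		# Stored values are HTML-escaped before they are written into the form and
		# every attribute that carries one is quoted. Before, values were printed
		# as-is into unquoted attributes and textareas, so a stored quote, space or
		# "</textarea>" changed the markup (stored XSS). The record id is escaped
		# once for SQL and URL-encoded for the form action.
		# NOTE(review): $am1, $am2, $cls, $ptc and the *check variables are not
		# assigned in this file; they presumably come from changeinfo.php and are
		# printed unchanged - TODO confirm they never carry user input.
		if ($do == 'editss')
		{
			$t_raw_id = is_scalar($id) ? (string) $id : '';
			$id_url = urlencode($t_raw_id);
			$id = mysql_real_escape_string($t_raw_id);
			$sql = mysql_query('SELECT * FROM mantis_securityservices_table WHERE id="'.$id.'"');
			while ($row = mysql_fetch_array($sql))
			{
				# Raw column values stay in plain variables for changeinfo.php,
				# which is included into this scope.
				$sid = $_GET['id'];
				$i++;
				$ctname = $row['ctname'];
				$ctphone = $row['ctphone'];
				$ctmst = $row['ctmst'];
				$ctbank = $row['ctbank'];
				$ctaddress = $row['ctaddress'];
				$city = $row['city'];
				$area = $row['area'];

				$pktt = $row['pktt'];
				$custype = $row['custype'];
				$pstatus = $row['pstatus'];

				$nMan = $row['nMan'];
				$pMan = $row['pMan'];
				$eMan = $row['eMan'];

				$pentest = $row['pentest'];
				$audit = $row['audit'];
				$ddos = $row['ddos'];
				$train = $row['train'];
				$cise = $row['cise'];
				$pdoanhso = $row['pdoanhso'];

				$assignto = $row['assignto'];

				$adder = $seller;
				$infotop = $row['infotop'];
				$comment = $row['comment'];
				$time = date("H:i:s, d-m-Y");
				$start_time = (date("d-m-Y H:i:s",$row['start_time']));
				include ('changeinfo.php');

				# HTML-escaped copies, taken after the include so they reflect
				# whatever the variables hold at output time.
				$h = array();
				foreach (compact('ctname', 'ctphone', 'ctmst', 'ctbank', 'ctaddress', 'city', 'area',
					'nMan', 'pMan', 'eMan', 'pdoanhso', 'infotop', 'comment') as $t_key => $t_value)
				{
					$h[$t_key] = htmlspecialchars((string) $t_value, ENT_QUOTES, 'UTF-8');
				}

				echo  '
					<form name="queryss" action="?do=queryeditss&id='.$id_url.'" method="post">
					<table border=1 cellpadding=0 cellspacing=0 style="border-collapse:collapse">
						<tr><td bgcolor=green>
						<font color=white><b>Thông tin khách hàng</font></b>
						</td></tr>
						<tr><td>
						<table>
							<tr><td class=menuss>Tên doanh nghiệp </td>
							<td class=menuss><textarea name="ctname" type=text cols="20" rows="1">'.$h['ctname'].'</textarea></td>
							<td class=menuss>SDT liên lạc :</td><td class=menuss><input name="ctphone" value="'.$h['ctphone'].'"></td>
							</tr>
							<tr><td class=menuss>Mã số thuế </td><td class=menuss><input name="ctmst" value="'.$h['ctmst'].'"></td>
							<td class=menuss>Số TK ngân hàng :</td><td class=menuss><input name="ctbank" value="'.$h['ctbank'].'"></td></tr>
							<tr><td class=menuss>Địa chỉ :</td><td class=menuss><textarea name="ctaddress" cols="20" rows="1">'.$h['ctaddress'].'</textarea></td>
							<td class=menuss>Tỉnh/TP : </td>
							<td class=menuss>
							<Select name="city">
									<option value="'.$h['city'].'">'.$h['city'].'</option>
									<option value =angiang>An Giang</option>
									<option value =bariavungtau>Bà rịa vũng tàu</option>
									<option value =bacgiang>Bắc Giang</option>
									<option value =baclieu>bạc liêu</option>
									<option value =baccan>bắc cạn</option>
									<option value =bacninh>bắc ninh</option>
									<option value =bentre>bến tre</option>
									<option value =binhdinh>bình định</option>
									<option value =binhduong>bình dương</option>
									<option value =binhphuoc>bình phước</option>
									<option value =binhthuan>bình thuận</option>
									<option value =camau>cà mau</option>
									<option value =caobang>cao bằng</option>
									<option value =cantho>cần thơ</option>
									<option value =danang>đà nẵng</option>
									<option value =daklak>đắk lắk</option>
									<option value =daknong>đắk nông</option>
									<option value =dienbien>điện biên</option>
									<option value =dongnai>đồng nai</option>
									<option value =dongthap>đồng tháp</option>
									<option value =gialai>gia lai</option>
									<option value =hagiang>hà giang</option>
									<option value =hanam>hà nam</option>
									<option value =hanoi>hà nội</option>
									<option value =hatinh>hà tĩnh</option>
									<option value =haiduong>hải dương</option>
									<option value =haiphong>hải phòng</option>
									<option value =haugiang>hậu giang</option>
									<option value =hoabinh>hòa bình</option>
									<option value =hcm>hcm</option>
									<option value =hungyen>hưng yên</option>
									<option value =khanhhoa>khánh hòa</option>
									<option value =kiengiang>kiên giang</option>
									<option value =kontum>kon tum</option>
									<option value =laichau>lai châu</option>
									<option value =lamdong>lam dong</option>
									<option value =langson>lạng sơn</option>
									<option value =laocai>lào cai</option>
									<option value =longan>long an</option>
									<option value =namdinh>nam định</option>
									<option value =nghean>nghệ an</option>
									<option value =ninhbinh>ninh bình</option>
									<option value =ninhthuan>ninh thuận</option>
									<option value =phutho>phú thọ</option>
									<option value =phuyen>phú yên</option>
									<option value =quangbinh>quảng bình</option>
									<option value =quangnam>quảng nam</option>
									<option value =quangngai>quảng ngãi</option>
									<option value =quangninh>quảng ninh</option>
									<option value =quangtri>quảng trị</option>
									<option value =soctrang>sóc trăng</option>
									<option value =sonla>sơn la</option>
									<option value =tayninh>tây ninh</option>
									<option value =thaibinh>thái bình</option>
									<option value =thainguyen>thái nguyên</option>
									<option value =thanhhoa>thanh hóa</option>
									<option value =thuathienhue>thừa thiên huế</option>
									<option value =tiengiang>tiền giang</option>
									<option value =travinh>trà vinh</option>
									<option value =tuyenquang>tuyên quang</option>
									<option value =vinhlong>vĩnh long</option>
									<option value =vinhphuc>vĩnh phúc</option>
									<option value =yenbai>yên bái</option>	
								</select>
							</td></tr>
							<tr>
								<td class=menuss> Khu vực: </td><td>
								<Select name="area">
								<option value="'.$h['area'].'">'.$h['area'].'</option>
								<option value ='.$am1.'>'.$am1.'</option>
								<option value ='.$am2.'>'.$am2.'</option>
								</select><br>
							</td><td class=menuss> Project status </td>
								<td class='.$cls.'><b>'.$ptc.'</td></tr>
							<tr><td class=menuss>Đại diện/phụ trách:</td>
								<td class=menuss><textarea name=nMan type=text cols="20" rows="1">'.$h['nMan'].'</textarea></td>
								<td class=menuss>Phone :</td><td class=menuss><input name=pMan value="'.$h['pMan'].'" ></td></tr>
							<tr><td class=menuss>Email :</td><td class=menuss>
							<textarea name=eMan type=text cols="20" rows="1">'.$h['eMan'].'</textarea></td>
							</tr>
							
							<tr><td valign=top> Providing services:</td><td>
							Pentest<input type="checkbox" name="pentest" '.$pcheck.'/><br>
							Audit<input type="checkbox" name="audit" '.$acheck.'/><br>
							DDos<input type="checkbox" name="ddos" '.$dcheck.'/><br>
							Train<input type="checkbox" name="train" '.$tcheck.'/><br>
							CISE<input type="checkbox" name="cise" '.$ccheck.'/></td>
							</tr>
							
							<tr><td class=menuss> Doanh số dự án</td><td class=menuss>
							<input name="pdoanhso" value="'.$h['pdoanhso'].'" type=text></td></tr>
							<tr><td><input type="submit" name="submit" value="submit">
							</form></td><td>
							
							</td></tr></table>
						</table>
						<br><br>
						<table border=1 cellpadding=0 cellspacing=0 style="border-collapse:collapse">
						<tr><td bgcolor=green><font color=white><b>Phân tích khách hàng</font></td></tr>
						<tr><td>
								<table>
									<tr><td valign=top  class=menuss>Thông tin chính dự án:</td><td class=menuss>'.nl2br($h['infotop']).'</td></tr>
									<tr><td valign=top >Phân tích/đánh giá khách hàng</td><td>'.nl2br($h['comment']).'</td></tr>
								</table>
							</td></tr>
						</table>
							'; 
			}

		}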
		
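//Write the edited customer information to the database
		# Handles the edit form (?do=queryeditss&id=N): copies the posted fields
		# into mantis_securityservices_table, records the current user in `adder`
		# and redirects to the overview.
		#
		# Every posted value and the record id are escaped with
		# mysql_real_escape_string() before they are placed in the UPDATE; before,
		# they were interpolated unescaped (SQL injection through any form field or
		# the id parameter). Fields missing from the request (for example unchecked
		# checkboxes) are stored as an empty string, which is what the unescaped
		# version produced as well.
		# The posted pktt, custype, infotop and comment values were read but never
		# written by the previous version; they are no longer read.
		# NOTE(review): there is no form token and no access check visible here -
		# confirm who may edit customer records.
		if ($do == 'queryeditss')
		{
			$id = isset($_GET['id']) ? $_GET['id'] : '';
			$editer = $t_current_user_name;

			# Columns written by this handler; each is read from the POST field of
			# the same name. The names are fixed here, never taken from the request.
			$t_fields = array(
				'ctname', 'ctphone', 'ctmst', 'ctbank',
				'ctaddress', 'city', 'area',
				'nMan', 'pMan', 'eMan',
				'pentest', 'audit', 'ddos', 'train', 'cise',
				'pdoanhso',
			);
			$t_assignments = array();
			foreach ($t_fields as $t_field)
			{
				$t_value = isset($_POST[$t_field]) ? $_POST[$t_field] : '';
				$t_assignments[] = '`'.$t_field."` = '".mysql_real_escape_string($t_value)."'";
			}
			$t_assignments[] = "`adder` = '".mysql_real_escape_string($editer)."'";

			mysql_query('UPDATE `mantis_securityservices_table` SET '.implode(', ', $t_assignments)
				." WHERE `id` ='".mysql_real_escape_string($id)."'");
			header("location: ?do=viewss&id=".urlencode($id));
		}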
		
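//Delete a customer record
		# Handles ?do=delss&id=N: removes the record and its client-system rows,
		# then redirects to the list.
		# The id is escaped before it is placed in the DELETE statements; before, a
		# crafted id could rewrite the WHERE clause of an unbounded DELETE.
		# NOTE(review): the delete runs for any request method, without a form
		# token and without a visible access check, so a link or image URL opened
		# by a logged-in user is enough to trigger it - confirm and restrict.
		if ($do == 'delss')
		{
			$id = isset($_GET['id']) ? $_GET['id'] : '';
			$t_id_sql = mysql_real_escape_string($id);
			mysql_query("DELETE FROM `mantis_securityservices_table` WHERE `id` ='$t_id_sql' LIMIT 1");
			mysql_query("DELETE FROM `mantis_ssclientsystem_table` WHERE `sid` ='$t_id_sql'");
			header("location: securityservices.php?do=viewall");
		}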
		
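//Edit the main project information
		# Renders the form for the "infotop" text of one record
		# (?do=editcus&id=N); it posts to ?do=makeeditcus.
		#
		# Changes compared with the previous version:
		# - the id is escaped before it is placed in the SELECT (SQL injection);
		# - the stored text is HTML-escaped inside the textarea, so a stored
		#   "</textarea>" can no longer break out of the field (stored XSS);
		# - nl2br() is no longer applied: a textarea shows its content as plain
		#   text, so the inserted "<br />" tags appeared literally and were saved
		#   back into the record on submit.
		if ($do == 'editcus')
		{
			$t_raw_id = is_scalar($id) ? (string) $id : '';
			$t_id_url = urlencode($t_raw_id);
			$sql = mysql_query('SELECT * FROM mantis_securityservices_table WHERE id="'.mysql_real_escape_string($t_raw_id).'"');
			while ($row = mysql_fetch_array($sql))
			{
				$infotop = $row['infotop'];
				$comment = $row['comment'];
				echo '<table border=1 cellpadding=0 cellspacing=0 style="border-collapse:collapse; margin-right:10px; float:left">
					<tr><td bgcolor=green><font color=white><b>Cập nhật phân tích/Đánh giá</font></td></tr>
					<tr><td>
					<form name="editcus" action="?do=makeeditcus&id='.$t_id_url.'" method="post">	
					<table>
					<tr><td valign=top  class=menuss>Thông tin chính dự án:</td>
					<td class=menuss><textarea name="infotop" type=text cols="40" rows="3">'.htmlspecialchars($infotop, ENT_QUOTES, 'UTF-8').'</textarea></td></tr>
					<tr><td>
					<input name="submit" type="submit" value="Submit">
					</form>
					</td></tr>
					</table></td></td></table>';
			}
		}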
		
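		# Handles the "editcus" form (?do=makeeditcus&id=N): stores the posted
		# infotop text on the record and redirects to the overview.
		# Both the text and the id are escaped before they are placed in the
		# UPDATE; before, either could change the statement (SQL injection).
		# NOTE(review): no form token and no visible access check - confirm.
		if ($do == 'makeeditcus')
		{
			$id = isset($_GET['id']) ? $_GET['id'] : '';
			$infotop = isset($_POST['infotop']) ? $_POST['infotop'] : '';
			mysql_query("UPDATE `mantis_securityservices_table` SET `infotop` = '".mysql_real_escape_string($infotop)
				."' WHERE `id` ='".mysql_real_escape_string($id)."'");
			header("location: ?do=viewss&id=".urlencode($id));
		}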
		
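//Delete one client-system survey row
		# Handles ?do=delksht&id=N&kid=M: deletes the row with id M from
		# mantis_ssclientsystem_table and redirects to the overview of record N.
		# kid is escaped before it is placed in the DELETE; before, a crafted kid
		# could widen the WHERE clause.
		# NOTE(review): the row is selected by kid alone, not by kid and record id,
		# and the delete is reachable through a plain GET without a form token or
		# a visible access check - confirm and restrict.
		if ($do == 'delksht')
		{
			$id = isset($_GET['id']) ? $_GET['id'] : '';
			$kid = isset($_GET['kid']) ? $_GET['kid'] : '';
			mysql_query("DELETE FROM `mantis_ssclientsystem_table` WHERE `id` ='".mysql_real_escape_string($kid)."'");
			header("location: ?do=viewss&id=".urlencode($id));
		}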

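// Render the form used to write a report for a service
		if ($do == 'ssreport')
		{
			// $id is assigned outside this block; URL-encode it so it cannot break
			// out of the action attribute it is written into.
			$t_url_id = urlencode((string)$id);
			echo '<table border=1 style="border-collapse:collapse" align=center>
				<tr><td bgcolor=#CECEFF>Lập báo cáo</td></tr>
				<tr><td>
					<form name="addrp" action="?do=addrp&id='.$t_url_id.'" method="post">
					Tiêu đề: <br><textarea name="ssrpsubject" type="text" cols="60" rows="1"></textarea><br><br>
					Nội dung: <br><textarea name="ssreport" type="text" cols="60" rows="15"></textarea><br><br>
				</td></tr><tr><td bgcolor=#CECEFF>Email notification - Notify selected people about this via email:</td></tr><tr><td>
				<input type="checkbox" name="ttduc" /> Triệu Trần Đức | CEO<br>
				<input type="checkbox" name="binhlva" /> Lương Vũ An Bình <br>
				<input type="checkbox" name="phuonght" /> Hà Thế Phương <br>
				<input type="checkbox" name="tungtq" /> Trần Quang Tùng<br>
				<input name="submit" type="submit" value="Post">
				</td></tr></table>';
		}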
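		# Store a submitted report, send the e-mail notification, then redirect
		if ($do == 'addrp')
		{
			// Raw request values are kept in their original variables because the
			// included mail script runs in this scope; only escaped copies go to SQL.
			$ssrpsubject = (isset($_POST['ssrpsubject']) && is_string($_POST['ssrpsubject'])) ? $_POST['ssrpsubject'] : '';
			$ssreport = (isset($_POST['ssreport']) && is_string($_POST['ssreport'])) ? $_POST['ssreport'] : '';
			$ssid = $id;
			$ssrpupd = $t_current_user_name;
			$timelast = time();
			$m0 = $t_current_email;

			// Recipient fragments are initialised explicitly so they can only ever
			// hold the fixed addresses below, never a value that was already in
			// scope (for example where register_globals is enabled).
			$m1 = '';
			$m2 = '';
			$m3 = '';
			$m4 = '';
			if (isset($_POST['ttduc']) && $_POST['ttduc'] == 'on') { $m1 = ",ttduc@cmcinfosec.com";}
			if (isset($_POST['binhlva']) && $_POST['binhlva'] == 'on') { $m2 = ",binhlva@cmcinfosec.com";}
			if (isset($_POST['phuonght']) && $_POST['phuonght'] == 'on') { $m3 = ",phuonght@cmcinfosec.com";}
			if (isset($_POST['tungtq']) && $_POST['tungtq'] == 'on') { $m4 = ",tungtq@cmcinfosec.com";}

			// Escape every value for the quoted SQL literals it is embedded in.
			$t_sql_ssid = mysql_real_escape_string((string)$ssid);
			$t_sql_subject = mysql_real_escape_string($ssrpsubject);
			$t_sql_report = mysql_real_escape_string($ssreport);
			$t_sql_updater = mysql_real_escape_string((string)$ssrpupd);
			$t_sql_time = mysql_real_escape_string((string)$timelast);

			mysql_query("insert into `mantis_ssrp_table` 
						(ssid, ssrpsubject, ssreport, ssrpupd, timelast) 											
						values('$t_sql_ssid','$t_sql_subject','$t_sql_report','$t_sql_updater','$t_sql_time')");
			// NOTE(review): mail_reply_report.php is not shown here; if it places
			// $ssrpsubject in a mail header, CR/LF must be stripped from it first.
			include("mail_reply_report.php");
			header("Location: ssview.php?do=viewss&id=".urlencode((string)$id)."");
		}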
		
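		# Delete a report
		if (isset($_GET['a']) && $_GET['a'] == 'delrp')
		{
			// The report id comes from the query string: scalar string only,
			// escaped before it is embedded in the quoted SQL literal.
			$rp = (isset($_GET['rp']) && is_string($_GET['rp'])) ? $_GET['rp'] : '';
			$t_sql_rp = mysql_real_escape_string($rp);

			// NOTE(review): this delete runs on a plain GET request, is keyed on
			// "a" independently of $do, and shows no form-security token or
			// ownership check in this block; confirm these are enforced elsewhere.
			mysql_query("DELETE FROM `mantis_ssrp_table` WHERE `mantis_ssrp_table`.`rpid` = '$t_sql_rp' limit 1");
			header("Location: ssview.php?do=viewss&id=".urlencode((string)$id)."");
		}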

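// Add a note to a service
		if ($do == 'addnt')
		{
			// The note text is request-controlled; $id is assigned outside this
			// block. Escaped copies are used for the quoted SQL literals.
			$ssnote = (isset($_POST['ssnote']) && is_string($_POST['ssnote'])) ? $_POST['ssnote'] : '';
			$ssid = $id;
			$ssupdater = $t_current_user_name;
			$timelast = time();

			$t_sql_ssid = mysql_real_escape_string((string)$ssid);
			$t_sql_note = mysql_real_escape_string($ssnote);
			$t_sql_updater = mysql_real_escape_string((string)$ssupdater);
			$t_sql_time = mysql_real_escape_string((string)$timelast);

			// NOTE(review): the note is stored as submitted; any page that prints it
			// must HTML-escape it on output.
			mysql_query("insert into `mantis_ssnote_table` 
						(ssid, ssnote, ssupdater, timelast) 											
						values('$t_sql_ssid','$t_sql_note','$t_sql_updater','$t_sql_time')");
			header("Location: ssview.php?do=viewss&id=".urlencode((string)$id)."");
		}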

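// Delete a note from a service
		if ($do == 'delssnote')
		{
			// noteid selects the row to delete, ssid is only used for the redirect;
			// both come from the query string and are accepted as scalar strings.
			$noteid = (isset($_GET['noteid']) && is_string($_GET['noteid'])) ? $_GET['noteid'] : '';
			$ssid = (isset($_GET['ssid']) && is_string($_GET['ssid'])) ? $_GET['ssid'] : '';
			$t_sql_noteid = mysql_real_escape_string($noteid);

			// NOTE(review): this delete runs on a plain GET request with no
			// form-security token or ownership check visible in this block;
			// confirm these are enforced elsewhere.
			mysql_query("DELETE FROM `mantis_ssnote_table` WHERE `mantis_ssnote_table`.`id` = '$t_sql_noteid' LIMIT 1");
			header("Location: ssview.php?do=viewss&id=".urlencode($ssid)."");
		}		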
		
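# Upload a log file or screenshot attached to a report
		if ($do == 'uploadp')
		{
		$id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';

		$t_current_user_name = current_user_get_field( 'username' );

		// The stored name is generated on the server and deliberately contains
		// nothing supplied by the client (no original name, no extension), so a
		// request cannot choose the path or the file type written under upload/.
		// NOTE(review): rand() is not an unpredictable source and a collision
		// overwrites an existing file; generate the name from a CSPRNG available
		// on the deployed PHP version.
		$random_digit=rand(0,99999999999999);
		$new_file_name=(string)$random_digit;
		$path= "upload/".$new_file_name;

		// Read the upload from $_FILES only, never from request-populated globals.
		$t_upload = (isset($_FILES['ufile']) && is_array($_FILES['ufile'])) ? $_FILES['ufile'] : null;
		$t_file_selected = $t_upload !== null
			&& isset($t_upload['error'])
			&& $t_upload['error'] !== UPLOAD_ERR_NO_FILE;

		if($t_file_selected)
		{ // As long as a file was selected...

		// move_uploaded_file() refuses any source that was not created by PHP's
		// own upload handling, so tmp_name cannot point at an arbitrary local file.
		// NOTE(review): there is no allow-list of file types and no size limit
		// here, and upload/ is a relative path that may be web-reachable; confirm
		// the directory is not served or executable.
		if($t_upload['error'] === UPLOAD_ERR_OK
			&& is_string($t_upload['tmp_name'])
			&& move_uploaded_file($t_upload['tmp_name'], $path))
		{ 
			// Client-supplied metadata: stored for display only, never used as a path.
			$theFileName = $t_upload['name'];
			$theFileSize = $t_upload['size'];
			$theFileType = $t_upload['type'];

			if ($theFileSize>999999){ // Greater than 999 KB: display as MB
				$theDiv = $theFileSize / 1000000;
				$theFileSize = round($theDiv, 1)." MB";
			} else { // Otherwise display as KB
				$theDiv = $theFileSize / 1000;
				$theFileSize = round($theDiv, 1)." KB";
			}
			
			$pjcare_id = $id;
			$user_id = $t_current_user_name;
			$date_added = time();
			// $care_id is not assigned in this block; an unset value is stored as ''.
			$t_care_id = isset($care_id) ? $care_id : '';

			// Escape every value for the quoted SQL literal it is embedded in; the
			// file name and MIME type are taken verbatim from the client.
			$t_values = array_map('mysql_real_escape_string', array(
				(string)$theFileName,
				(string)$theFileType,
				(string)$theFileSize,
				(string)$date_added,
				(string)$t_care_id,
				(string)$pjcare_id,
				(string)$user_id,
				(string)$path,
				(string)$new_file_name,
			));
			mysql_query("insert into `mantis_care_file_table` 
				(filename,file_type,filesize,date_added,care_id, pjcare_id, user_id, folder, new_file_name) 
				values ('".implode("','", $t_values)."')");
		} else 
			{

			// Print an error if the file could not be stored
				echo '
				<table cellpadding="5" width="80%">
				<tr>
				<td align="Center" colspan="2"><font color=\"#C80000\"><b>File could not be uploaded</b></font></td>
				</tr></table>';
			}
		}
		// NOTE(review): $header is not assigned in this block; confirm it is a
		// fixed server-side value and cannot be set from the request.
		header("location: /$header/view_care_report.php?do=viewpj&id=".urlencode($id));
	}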
		

		?>
				</td>
			</tr>
		</table>
</div>

<?php
	# Emit the page footer through MantisBT's html_page_bottom().
	html_page_bottom();
